Whoops! Cisco changed its default admin password (to ‘Cisco1234’)


There’s an amusing story by Simon Sharwood in The Register today.

Apparently when Cisco shipped its Unified Computing System (UCS) boxes between November 17, 2015 and January 6, 2016 it made a configuration error.

You see, when you try to set them up you won’t be able to access them with the default admin password of - wait for it - “password”. Instead, for reasons best known to Cisco, they changed the default password to the marginally less insecure (but not documented) “Cisco1234”.

Part of Cisco advisory

So, no. If you’re a sysadmin who is trying to log into your new Cisco kit’s Cisco Integrated Management Controller (CIMC), and are banging your head against the wall because the default password isn’t working, for once it’s not a case of RTFM.

It should go without saying that as soon as you gain access to your shiny new Cisco box you should reset the password. But not to “password”. Obviously. If you stick with the default password that a product ships with, you’re just asking for trouble.

More details about the issue are given in an advisory that Cisco published yesterday.


3 Responses

  1. Raul

    January 12, 2016 at 12:25 pm #

    Actually, the cisco1234 is the one used in the labs for the CCNA (and old CCNP) certificates (once the practices for hardening begin to take place). So, it seems someone from Cisco had been having nightmares with that password

  2. Tom

    January 14, 2016 at 3:42 am #

    Priceless!! All coming from the “security company” that, instead of joining standards like IF-MAP, decided after sitting in for a while (to gather what it could) to go make their own proprietary one (as usual)

    • coyote in reply to Tom.

      January 14, 2016 at 6:15 pm #

      1. Cisco Systems isn’t a security company.
      2. Humans aren’t perfect.
      3. Humans make mistakes. See point 2.
      4. Even those with the best intentions can go afoul. See points 2 and 3.
      5. As Raul points out, there is some history with this password.

      You also demonstrate some of these points. No, I’m not criticising you but merely pointing out that this is an honest mistake and that is something we all do (anyone claiming otherwise isn’t being honest to themselves and by extension to anyone else).
